Passwords — the modern, secure, phishing-resistant alternative to passwords — may soon become easier to use across platforms. According to a new draft specification released by the FIDO (Fast Identity Online) alliance, companies like Google, Apple and Microsoft, as well as password management apps like Dashlane, 1Password and Bitwarden, could allow users to securely export and import access keys and passwords, allowing them to to migrate their credentials to another service (for example, when switching from Android to iOS) instead of creating new ones.
FIDO Alliance publishes draft specifications for secure credential exchange
The FIDO Alliance released two draft specifications on Monday — the Credential Exchange Protocol (CXP) and the Credential Exchange Format (CXF) — saying they are designed to promote choice while improving the user experience using access keys.
The new draft CXP and CXF specifications are designed to simplify the process of transferring credentials such as passwords, access keys and other information in a secure manner. Currently, most password managers export credentials in plain text, usually as a comma-separated values (CSV) text file, which is extremely risky.
While the draft Secure Credential Exchange specification will improve the security of passwords when they are exported, it will provide the first secure method of migrating access keys between services.
For example, a Bitwarden user could export the access keys stored with the service and then import them into their Google or Apple account. The process would ensure that users would not need to generate multiple passwords for each service, while making it easier for users to switch platforms.
It is worth noting that it may take some time before the secure password and access key migration reaches the user. These draft specifications will need to be agreed upon, standardized and implemented by the credential providers in order for the new functionality to be available. The FIDO Alliance also says it accepts community review via GitHub — developers and enthusiasts can provide feedback on draft specifications.